Skip to main content

ORAS - Looking back on 2022 and forward to 2023

· 6 min read
Feynman Zhou
ORAS Maintainer

ORAS is a tool for working with OCI artifacts and OCI registries. It allows you to distribute OCI artifacts across OCI Registries. ORAS was established and open-sourced in Dec 2018 and joined CNCF as a Sandbox project in June 2021.

As you can see, ORAS has a long history and is still growing since it has an active community behind it. I was fortunate to join the ORAS community as a release manager in May 2022 and growing with the project this year. So I write this article to share the growth of the active community and project iteration that I witnessed in 2022. Let’s look back at what’s been happening this year and what we can expect in 2023 and beyond.

Moving fast with monthly release cadence

ORAS provides an OCI registry client ORAS CLI with functional-rich command sets that users can benefit from, while developers can build their own clients on top of one of the ORAS client libraries including Golang and Python libraries.

We are following a monthly release cadence to ensure fast iteration so that we can get feedback and detect problems from the community and then fix them efficiently.

  • ORAS CLI has 4 Minor releases and 2 Patch releases in 2022 and evolved into a powerful and easy-to-use OCI registry client. It supported the OCI artifact manifest and complied with the OCI v1.1 Specifications in the latest release
  • ORAS-go has shifted the focus and feature development from v1 to v2 this year. It has 15 releases and recently announced the last RC (ORAS v2.0.0-RC.6) release. In contrast to v1, v2 brings more unified interfaces, notably fewer dependencies, higher test coverage, better documentation, etc. For those who are still relying on v1, don’t worry about its deprecation at this moment as v1 is still under maintenance. But it’s highly recommended to give v2 a try and you can expect a stable v2.0.0 to be available in Jan 2023.
  • Similar to ORAS-go, ORAS-py is a Python SDK for ORAS. It was established and contributed by Vanessa starting in May 2022. Thanks to Vanessa, ORAS-py delivered 10 releases and a well-organized API and user documentation in 2022.

More active engagement in the community

As some users might be aware, the ORAS project has an obvious growing trend in both user adoption and contributions starting from the middle of 2022. We are working to properly document the contribution and development process. Let’s see the remarkable statistics in 2022 as follows. You can also check out the detailed dashboards here.

Adoption: Powering multiple industries and OSS communities

ORAS CLI, ORAS Go, and Python SDK are designed to help users and developers manage OCI Distribution based artifacts. ORAS empowers the secure supply chain by enabling users to leverage the existing services they already have across their development to production environments.

Currently, the biggest cloud providers like Microsoft Azure, AWS, and Google Cloud are using ORAS to manage OCI artifacts in registries. ORAS Go SDK has been integrated and adopted by some industry-leading vendors and popular open-source projects. Here is part of known adopters till now:

Contributions to upstream OCI

Just a few years ago, there were no standards nor tooling for registries to natively store, discover, and pull a graph of OCI artifacts. To extend the registry’s role and form the industry standard, ORAS maintainers proposed a new artifact manifest type to describe and query relationships between objects stored in a registry, without mutating the existing content.

Initially, the reference types work was incubated under the CNCF ORAS Artifact manifest project. It has been contributed to the OCI Image and Distribution v1.1-RC specifications in Sep 2022. Now it is an industry standard and there are already a few early implementations, such as Azure Container Registry and Zot registry. After the OCI v1.1 specification is available, we expect more registry vendors start to support and implement it.

Diverse evangelism and advocacy

Open-source contributions are not limited to coding. The non-code contributions like blogging, writing documentation, and technical sharing are also important for the ORAS community. It’s so good to see more and more users and contributors from different organizations sharing their use cases and best practices with ORAS toolings via blog posts or conference presentations this year. You can learn more about their experience from their articles and videos below.


Presentations at conferences

Looking forward: what’s next in 2023

Looking forward to 2023, several exciting plans have already been identified:

  • A stable release for ORAS CLI v1.0.0 and Go library v2.0.0, which are planned on Feb, 2023
  • A new website that brings developer-friendly layout design, demos, and documentation
  • Apply to become a CNCF Incubating project

Last but not least, special thanks go to the many outstanding contributors, community evangelists, adopters. We are also grateful to those who have incorporated ORAS in production and have been providing feedback to ensure ORAS is continuously improving. Let’s collaborate more on future milestones in 2023.